similar to: bug in documentation for "Protocol" option

Hi, working on tightening our network (somewhat) today, I found that OpenSSH doesn't seem to have the "AllowSHosts" directive (in sshd_config) that Commercial SSH (at least 1.2.25 & up) has. Now I wonder whether that hasn't been implemented yet, or has been dropped for a certain reason. I find this very useful for what I want to achieve - inside the company network,

Hi, Connecting from RHL7 with OpenSSH 2.3.0p1 or 2.5.0p1 to OpenSSH 2.3.0p1 on AIX 4.3.1. Protocol 2 doesn't work if you specify 'Ciphers rijndael128-cbc' or Ciphers 'aes128-cbc'. sshd -d -d -d on the server shows _nothing_ about these connections. I'm not sure if rijndael has been left out from sshd somehow, but shouldn't the error message be a little more

Using openssh-SNAP-20001016 all of our problems with hanging connections have gone away (woohoo!), and it seems to be working flawlessly, but I am seeing messages like this in syslog: Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor Oct 24 16:58:30

Hello all, It seems the overhaul on key exchange/selection broke it badly. I haven't managed to use any other encryption method than 3des and blowfish when connecting to SNAP -> SNAP. SNAP -> 2.2.0p1 will use arcfour etc. quite cleanly. How SNAP -> SNAP looks like: --- debug: Local version string SSH-2.0-OpenSSH_2.2.0p2 debug: send KEXINIT debug: done debug: wait KEXINIT debug:

High all, I'm running openssh 3.0.2p1 and it seems that the chroot patch delivered in the /contrib folder of the portable distrib does not apply to this release. Does anyone know if i can find an updated patch. Thanks -- Johan LEGROS Direction Informatique R?seau & T?l?com Tel : +33 1 71 71 56 62 Fax : +33 1 71 71 55 77 Email : jlegros at canal-plus.fr URL :

Long post.. sorry. Ok.. I've got three systems, all running openssh-3.0.2p1. As a matter of fact, they were installed from the same built tree, so I know they are the same. Here's the deal. I've got three systems, call them source1, source2 and target. All are HP-UX 11.0 systems installed from the same tree. Source1 and source2 both have thier root rsa pub keys in target's

I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which

On Mon, Jan 18, 2010 Joachim Schipper wrote: > What this patch does can be described as follows: > > Without: > you at local$ ssh somehost > Enter passphrase for RSA key 'foo': > you at somehost$ exit > $ ssh otherhost > Enter passphrase for RSA key 'foo': > you at otherhost$ > > With: > you at local$ ssh somehost > Enter passphrase for RSA

password authentication fails even tho i used LIBS=-lcrypt option Any help will be appreciated

mdb-bsd is a FreeBSD 4.2-STABLE box morpheus is a Red Hat Linux 6.2 box with openssl 0.9.6 on it. Attempts to use SSHv2 fail. Using SSHv1 succeeds. sshd from OpenSSH2.5.1p1 is getting a fatal: xfree: NULL pointer given as argument Full client and server interaction given below. -- Mark Script started on Mon Feb 19 10:47:01 2001 1:mdb at mdb-bsd$ ssh -v -v -v -2 -x morpheus date SSH Version

Dear OpenSSH gurus, My machine is running Red Hat Linux 6.1 and has installed all of the 6.binary rpms generated from the source rpms openssh-2.2.0p1-2.src.rpm 6.and openssl-0.9.5a-3.src.rpm. When I use protocol version 2 (by specifying "Protocol 2,1" in ~/.ssh/config), I can establish connections properly, but they do not shut down properly. When I run a remote command by "ssh

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

OpenSSH 2.9.9 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH 2.9.9 fixes a weakness in the key file option handling, including source IP based access control. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in

Hi, Using OpenSSH 2.9p2 (2.5.2 was also bad), I've noticed data loss on Linux when: 1) ssh -n flag is used, and 2) ssh jobs are run from cron (effectively causing the same as above). What is done, is a command basically like: ssh [-n] -c blowfish -p 722 -i rsakey -l pwget passwdserver passwd > passwd.tmp 2> /tmp/log ie, retrieve dynamically created passwd-file from passwdserver

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

Ok.. I'm starting official testing calls early this release. I'd like to have more feedback and more time for handling fixes. If people could test snapshots (http://www.openssh.org/portable.html, pick your favorate mirror and select snapshots directory) and report failures it would be useful. For those with pmake install there is regress/ which you can try out. It may help any platform

OK, with openssh-SNAP-20001218 I still have the problem of a hanging ssh when running (one specific) command on a server. On the server side, there's a small suid C prog (/usr/dh/mgmt/HupServer) that runs system "/usr/local/apache/bin/apachectl stop/start". Incidentally, apachectl is a shell script, hence the need for a suid wrapper for non-root users... On the client side,